CVE-2025-13491

Summary

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.

Affected Software

VendorProductVersion RangeStatus
IBMApp Connect Enterprise Certified Container11.2.0 <= 11.6.0affected
IBMApp Connect Enterprise Certified Container12.1.0 <= 12.19.0affected
IBMApp Connect Enterprise Certified Container12.0.0 <= 12.0.19affected

Weaknesses

  • CWE-426: CWE-426 Untrusted Search Path

Workarounds

Disable mapping assistance in the DesignerAuthoring component

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References